On 6/20/2009 5:00 PM, Nairda wrote:
> Hi everyone.
> Can someone with a bit more understanding of these things please read 
> this article and say weather this applies to SM as well?
> http://blogs.techrepublic.com.com/security/?p=1716&tag=nl.e011
> Snip:
> In a surprise move this year, Microsoft has decided to quietly install 
> what amounts to a massive security vulnerability in Firefox without 
> informing the user. Find out what Microsoft has to say about it, and how 
> you can undo the damage. Microsoft pushed out its .NET Framework 3.5 
> Service Pack 1 update this February....
> End Snip.
> It looks rather nasty, and I wish I had read it sooner.
> Cheers.

The malware is a Firefox extension that (among other things) disables
the ability of Firefox to remove it.  This apparently affects only
Firefox 3.x because of the way extensions are installed.  SeaMonkey
1.1.x is related to Firefox 2.x and is not affected because of a
different scheme for installing extensions.  I don't know if SeaMonkey
2.x will be affected, but it does use the same extension installation
scheme as Firefox 3.x.

In any case, I've avoided this problem.  My Automatic Updates is set for
"Notify me but don't automatically download or install them."  Since I
use Internet Explorer only to get Windows updates and to check my own
Web pages, I have rejected all .NET Framework (and ActiveX) updates.

Suddenly, I'm very glad I did not update my Windows XP SP2 to Windows XP
SP3.  The latter would have included this malware.

See bug #499521 at <https://bugzilla.mozilla.org/show_bug.cgi?id=499521>.

David E. Ross

Go to Mozdev at <http://www.mozdev.org/> for quick access to
extensions for Firefox, Thunderbird, SeaMonkey, and other
Mozilla-related applications.  You can access Mozdev much
more quickly than you can Mozilla Add-Ons.
support-seamonkey mailing list

Reply via email to